Learn More

Fill out the form for more information, or call 1-800-726-3339.


Although the United Kingdom is scheduled to leave the European Union in March 2019, businesses will not be exempt from following the bloc’s General Data Protection Regulation (GDPR). For one, UK organizations will still need to follow GDPR by default until Britain officially “Brexits” out of the EU. Thanks to the UK Data Protection Act, businesses will strategizing how to approach their strategies for securing customer data in the coming users. The act took effect in May 2018, and enshrines GDPR data security standards into British law.

Much like GDPR, the UK Data Protection Act protects any information that can be tied to identifiable or identified living individual, otherwise known as a “data subject.” This can include names, addresses, geolocational data such as IP addresses, and specific information pertaining to the physical, mental, genetic, cultural, psychological, and economic traits of the individual in question. It also requires businesses to follow the GDPR’s six privacy policy principles, which emphasize transparent processing, tailored data collection, deidentification of personal data, and solid data retention procedures. As part of this guidance, companies are required to take appropriate technical and organizational steps to protect these types of data in a manner that ensures their appropriate security. The law specifically advises companies to implement measures that protect against the unauthorized or unlawful data processing, accidental loss, destruction or damage.

Businesses and organizations must also have policy documentation in place describing how they intend to comply with the GDPR’s policy principles and explaining their data retention and erasure policies. They’re required to regularly update these documents and keep them on file for review by the UK’s ICO office for six months after ceasing processing. Companies are additionally not allowed to transfer consumer data outside the UK unless the transfer is proportionate and necessary under UK security and intelligence services law. While the act is similar to GDPR in many respects, it does carve out several exceptions for businesses. It allows children as young as 13 to consent to collection activities instead of 16, and places limitations on what information credit reference agencies can disclose regarding an individual’s financial standing. It also grants financial services providers some leeway if the data they collect affects the pricing of certain financial instruments. You can consult Schedule 2 of the Act to see if any data processing exemptions apply to your business activities.

Businesses that violate the Data Protection Act can expect to face fines of up to 20 million Euros or 4% of the organization’s global turnover for the previous fiscal year, whichever is greater. Using a GDPR-ready virtual cloud hosting platform is one step your organization can take to secure your customers’ data and avoid this predicament without investing heavily in on-site safeguards and dedicated IT personnel. Our virtual cloud hosting platform, Abacus Private Cloud, can protect your clients’ sensitive data underneath three comprehensive layers of physical, server, and data security. This allows you to securely store and access your data anywhere from any device while leveraging 256-bit AES encryption, robust user access controls, multifactor authentication, SSL-A-rated UK and international data centers, and other top-flight features. Going this route can help you save $3,966 monthly compared to on-site alternatives.

Contact us to see how Abacus Private Cloud can help you comply with your GDPR and UK data collection obligations.